Bug#1017988: bluez: systemd: ConfigurationDirectory 'bluetooth' already exists but the mode is different

2024-01-01 Thread Max Nikulin 

Control: tag -1 upstream
Control: forwarded -1 https://github.com/bluez/bluez/issues/414

On Tue, 23 Aug 2022 10:56:27 -0600 Kevin Locke wrote:


systemd[1234]: ConfigurationDirectory 'bluetooth' already exists but the mode 
is different. (File system: 755 ConfigurationDirectoryMode: 555)

[...]

[Service]
ConfigurationDirectory=bluetooth
ConfigurationDirectoryMode=0555


These lines were added to fix

"systemd failed to set up mount namespacing for /var/lib/bluetooth"
and it seems the intention was to have the `/etc/bluetooth` directory
read-only. Actually the effect is the opposite. `ProtectSystem=strict`
causes `/` being mounted read-only and `ConfigurationDirectory` causes
`/etc/` mounted as writable.

So the extra directives decrease degree of protection against various 
potential vulnerabilities in bluetoothd. Otherwise the reported warning 
may be considered harmless.


As a workaround you may create the following configuration drop-in file
/etc/systemd/system/bluetooth.service.d/disable-configuration-directory.conf

 8< 
[Service]
ConfigurationDirectory=
ConfigurationDirectoryMode=
 >8 

To apply updated configuration run

systemctl daemon-reload
systemctl restart bluetooth.service

Bug#1017988: bluez: systemd: ConfigurationDirectory 'bluetooth' already exists but the mode is different

2022-08-23 Thread Kevin Locke 
Package: bluez
Version: 5.65-1
Severity: minor

Dear Maintainer,

With bluez 5.65-1 and systemd 251.3-1, the following message is logged
on boot:

systemd[1234]: ConfigurationDirectory 'bluetooth' already exists but the mode 
is different. (File system: 755 ConfigurationDirectoryMode: 555)

My understanding is that this occurs because bluez creates the
/etc/bluetooth directory with mode 0755, yet
/lib/systemd/system/bluetooth.service contains

[Service]
ConfigurationDirectory=bluetooth
ConfigurationDirectoryMode=0555

Creating /etc/bluetooth with mode 0555 or setting
ConfigurationDirectoryMode to 0755 should resolve the warning.

Thanks,
Kevin


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (990, 'testing-debug'), (990, 'testing'), (500, 
'unstable-debug'), (500, 'stable-debug'), (500, 'unstable'), (101, 
'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-rc2 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bluez depends on:
ii  dbus [default-dbus-system-bus]  1.14.0-2
ii  init-system-helpers 1.64
ii  kmod30+20220630-3
ii  libasound2  1.2.7.2-1
ii  libc6   2.34-4
ii  libdbus-1-3 1.14.0-2
ii  libdw1  0.187-1
ii  libglib2.0-02.72.3-1+b1
ii  libreadline88.1.2-1.2
ii  libudev1251.3-1
ii  lsb-base11.2
ii  udev251.3-1

bluez recommends no packages.

Versions of packages bluez suggests:
pn  pulseaudio-module-bluetooth  

-- no debconf information